package io.gravitee.gateway.security.jwt.policy;

import io.gravitee.gateway.api.ExecutionContext;
import io.gravitee.gateway.api.service.Subscription;
import io.gravitee.gateway.api.service.SubscriptionService;
import io.gravitee.gateway.policy.Policy;
import io.gravitee.gateway.policy.PolicyException;
import io.gravitee.policy.api.PolicyChain;
import io.gravitee.policy.api.PolicyResult;
import io.gravitee.reporter.api.http.SecurityType;
import java.util.Optional;

/* loaded from: input_file:io/gravitee/gateway/security/jwt/policy/CheckSubscriptionPolicy.class */
public class CheckSubscriptionPolicy implements Policy {
    static final String CONTEXT_ATTRIBUTE_PLAN_SELECTION_RULE_BASED = "gravitee.attribute.gravitee.attribute.plan.selection.rule.based";
    static final String CONTEXT_ATTRIBUTE_CLIENT_ID = "oauth.client_id";
    static final String OAUTH2_UNAUTHORIZED_MESSAGE = "Unauthorized";
    static final String GATEWAY_OAUTH2_ACCESS_DENIED_KEY = "GATEWAY_OAUTH2_ACCESS_DENIED";

    public void execute(PolicyChain policyChain, ExecutionContext executionContext) throws PolicyException {
        SubscriptionService subscriptionService = (SubscriptionService) executionContext.getComponent(SubscriptionService.class);
        String str = (String) executionContext.getAttribute("gravitee.attribute.api");
        String str2 = (String) executionContext.getAttribute(CONTEXT_ATTRIBUTE_CLIENT_ID);
        String str3 = (String) executionContext.getAttribute("gravitee.attribute.plan");
        executionContext.request().metrics().setSecurityType(SecurityType.JWT);
        executionContext.request().metrics().setSecurityToken(str2);
        Optional byApiAndClientIdAndPlan = subscriptionService.getByApiAndClientIdAndPlan(str, str2, str3);
        if (byApiAndClientIdAndPlan.isPresent()) {
            boolean equals = Boolean.TRUE.equals(executionContext.getAttribute(CONTEXT_ATTRIBUTE_PLAN_SELECTION_RULE_BASED));
            Subscription subscription = (Subscription) byApiAndClientIdAndPlan.filter(subscription2 -> {
                return !equals || subscription2.getPlan().equals(str3);
            }).orElse(null);
            if (subscription != null && subscription.isTimeValid(executionContext.request().timestamp())) {
                executionContext.setAttribute("gravitee.attribute.application", subscription.getApplication());
                executionContext.setAttribute("gravitee.attribute.user-id", subscription.getId());
                executionContext.setAttribute("gravitee.attribute.plan", subscription.getPlan());
                policyChain.doNext(executionContext.request(), executionContext.response());
                return;
            }
        }
        policyChain.failWith(PolicyResult.failure(GATEWAY_OAUTH2_ACCESS_DENIED_KEY, 401, OAUTH2_UNAUTHORIZED_MESSAGE));
    }

    public String id() {
        return "check-subscription";
    }
}
